Long-running Chinese surveillance campaign targets Uyghurs, researchers say

Updated on: 14 November 2022

Gintaras Radauskas
Senior journalist

uigur-china-app — Image by Shutterstock.

Researchers from the cybersecurity company Lookout claim to have found evidence of Chinese spyware in Uyghur-language apps that allows Beijing to track the location and harvest the data of Uyghurs both in China and abroad.

Researchers from Lookout Threat Lab have since 2018 analyzed multiple Uyghur-language Android apps and now say they have been infected with a couple of strains of spyware.

The tools – BadBazaar as Lookout names it, and new strains of MOONSHINE, already discovered by Citizen Lab, are linked to Chinese state-backed hacker groups.

They add to the already extensive collection of spying programs against Uyghurs, China’s Turkic Muslim minority, mostly living in the region of Xinjiang. The United States and other Western countries say China’s treatment of Uyghurs amounts to genocide.

“BadBazaar and these new variants of MOONSHINE add to the already extensive collection of unique surveillanceware used in campaigns to surveil and subsequently detain individuals in China.” Lookout Threat Lab researchers say.

“Their continued development and their prevalence on Uyghur-language social media platforms indicate these campaigns are ongoing and that the threat actors have successfully infiltrated online Uyghur communities to distribute their malware.”

China-linked hackers have supposedly installed malware in apps such as religious platforms, dictionaries, maps, pirated versions of WhatsApp, available only on third-party stores because it is illegal in China – as is the official Google Play store, which is blocked in the country.

According to Lookout, hackers routinely collect sensitive information – user’s location, call logs, contacts, text messages, and files. The report says that aforementioned tools even allow attackers to take photos and record conversations.

Researchers claim that the infected apps can be used to track, in the eyes of the government in Beijing, “actions considered indicative of religious extremism or separatism.”

Uyghurs have long been targeted in a sweeping campaign that China says prevents terrorism. However, independent observers say the crackdown in Xinjiang amounts to a mass detention program.

China has also for years been mass monitoring Uyghurs through their devices and tracking their movements with the help of facial recognition.

Washington blacklisted Chinese security camera manufacturers, Hikvision and Dahua, in 2019 for their alleged role in the surveillance against ethnic minorities in the country. However, Hikvision has so far avoided US sanctions.

A long-awaited report by the Office of the UN High Commissioner for Human Rights into what China refers to as the Xinjiang Uyghur Autonomous Region (XUAR) concluded at the end of August that “serious human rights violations” against Uyghurs and “other predominantly Muslim communities” have been committed.

"Despite growing international pressure, Chinese threat actors operating on behalf of the Chinese state are likely to continue to distribute surveillanceware targeting Uyghur and Muslim mobile device users through Uyghur-language communications platforms," Lookout researchers warn.

More from Cybernews:

Weakest passwords of 2022

Planning for digital afterlife: what happens to your accounts when you pass away?

Twitter stops Blue subscription in its tracks due to mass abuse of service – for now